Core Issue
In security engineering, a nonce is a number used once. It is often a random number issued in an authentication protocol to ensure that old communication cannot be reused in replay attacks. The nonce-lifetime is global and is not specific to each device.
By default, the EP nonce-lifetime is set to 60 minutes. This means that the first message after the 60-minute period is challenged with a 407 by the EP.
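The following is an added illustration, not Cisco code and not a description of the EP's internals, of why a nonce lifetime causes the first message after expiry to be challenged again with a 407. The nonce format, SERVER_KEY and all function names are hypothetical, and verification of the client's credentials is assumed to happen elsewhere.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process secret (assumption)
NONCE_LIFETIME = 60 * 60              # seconds; mirrors the 60-minute default


def _mac(body):
    """Keyed MAC over the nonce body so clients cannot forge or re-date a nonce."""
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_nonce(now):
    """Return 'timestamp:random:mac' so the nonce can be validated statelessly."""
    body = f"{int(now)}:{secrets.token_hex(8)}"
    return f"{body}:{_mac(body)}"


def check_nonce(nonce, now, lifetime=NONCE_LIFETIME):
    """Classify a presented nonce as 'ok', 'expired' or 'invalid'."""
    try:
        ts, rand, mac = nonce.split(":")
        issued = int(ts)
    except ValueError:
        return "invalid"  # wrong field count or non-numeric timestamp
    expected = _mac(f"{ts}:{rand}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return "invalid"  # tampered or not issued by this server
    if now - issued > lifetime:
        return "expired"  # an old capture cannot be replayed past this point
    return "ok"


def handle_request(nonce, now, lifetime=NONCE_LIFETIME):
    """Return (status, nonce): 200 if the nonce is accepted, else 407 and a fresh one."""
    if nonce is not None and check_nonce(nonce, now, lifetime) == "ok":
        return 200, nonce
    return 407, issue_nonce(now)
```

A longer lifetime reduces how often clients are re-challenged but widens the window in which a captured message can be replayed.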
Resolution
The nonce-lifetime is configured only via script and not the CLI.
Complete these steps to change the nonce-lifetime to a longer period of time:
- As dsuser, log in to the machines where the EP is located.
- cd to the EP INSTALL_DIR/scripts.
- Edit the script called dsedge_auth.xcl with the new value.
For example:
dsuser$ vi dsedge_auth.xcl
ce-lifetime="$nonce-lifetime">
- For the changes to take effect, execute one of these steps:
- Telnet to the EP CLI, and issue a commit with a new version number. A commit always forces the server to read the xcl scripts from the disk again.
For example:
dsedge>commit ["-v"]
dsedge>commit -v nonce